
The security risks of black box technology


By Helge Skov Diernæs, Management Consultant at NNIT

When did you last evaluate the security of your Wi-Fi or Bluetooth-enabled camera or refrigerator?

Simple user interfaces have brought back the black box. Users need only consider “input” and “output”, so a basic understanding of the technology behind them is no longer required.

Users expect new systems and technologies to be created and available quickly. This often results in a strong development focus on user requirements in terms of functionality, performance and reliability, and less so on the security risks involved.

But the security risks often reside inside the black box, where they are easily overlooked or ignored. Every new day brings stories about ransomware and espionage, which remind us of the importance of security housekeeping.

We often see that the key to successfully managing the information security risk of new technologies is to make the risk assessment a mandatory part of the pre-analysis. That way, information security risks can be identified before the technology acquisition is decided, and the costs of mitigations factored in as part of the basis for the decision.

An information security risk assessment of a black box solution is typically carried out by breaking the solution down into its component parts and analyzing each of these individually. This is done by analyzing the hardware, software and application architecture, and will often call on a range of subject matter experts.

By making management approval of the technology acquisition dependent on the outcome of the information security risk assessment, risk implications are kept transparent and the cost of associated mitigations predictable.


About NNIT Security Insights

NNIT Security Insights is a regular column where prominent NNIT IT security advisors share their thoughts on current and future IT security challenges and how to deal with them.

NNIT has its own Computer Emergency Response Team (CERT). If lightning strikes, we have the necessary competencies in-house to respond and assist. We have also developed a range of services that can help businesses achieve the right level of security to protect them from financial and reputational damage.

You are welcome to contact us at itmanagement@nnit.com if you want to know more about how NNIT can help your business increase its information security level.​

About the author​​

The author, Helge Fraes Djernes, is a CISM-certified security professional with more than 18 years of experience in the software industry, of which 8 years as an adviser, service delivery manager and project manager in information security. Customers span major financial organizations and manufacturing companies, with a focus on risk management and risk mitigation initiatives.




Helge Skov Djernes
Information Security Management Consultant
+45 3075 8868
hfsd@nnit.com
https://www.linkedin.com/in/helgeskovdiernaes/


